US NEWS
A cyberattack on AT&T steals customer data: who is affected and what data has been revealed
A major cyberattack on AT&T has allowed hackers to access “nearly all” of the company’s customer call and text data. Who is affected, and how can you know if your data was stolen?
AT&T has notified the Securities and Exchange Commission that they were targeted in a significant cybersecurity attack affecting “nearly all” customers. Fortunately, no financial data was stolen, but this incident adds to the growing list of private and public entities that have fallen victim to hackers. Based on the amount of information obtained, this is an unprecedented attack. The scale is so devastating because AT&T is one of the largest cellular and interest providers operating in the country, with over 222.84 million contracts as of 2023.
This attack follows another that the company informed customers about at the end of March. That attack had occurred in mid-March, but the data stolen was from “2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
When did AT&T learn about the hack?
The report sent to the Securities and Exchange Commission about the attack and subsequent investigation shows that the data stolen was obtained between April 14 and 25, 2024, and that they were able to access “AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023.” The company became aware that their systems had been infiltrated on 19 April, meaning that data was still able to be stolen after the company became aware of the intrusion.
Joseph Cox, a digital security reporter, broke the story, describing the breach as “staggering and unprecedented.” AT&T told Cox that they determined that hackers were able to attack a “third-party cloud platform.”
How to know if your data was stolen
The stolen data includes call and text records. The company does not think that this information has been shared publicly. While this data is sensitive, the telecommunications company does not currently believe that the hackers obtained any financial information. However, the fact that hackers were able to infiltrate the company’s security systems shows that there are serious weaknesses that must be addressed as the methods employed by hackers become more advanced.